27 December 2019
The deadlines for registration with the Data Controllers Registry (“Registry”) has been extended by the Data Protection Board (“Board”) with its decision dated 27th December 2019 and numbered 2019/387. The Board’s decision explains a number of reasons for this further extension in detail, but we can say that the main reason was due to the incomplete and incorrect entries made by many controllers without carrying out a proper compliance work.
Accordingly, the new deadlines for fulfilling the registration and notification obligations are as follows:
Data controllers who have more than 50 employees or an annual balance sheet total of more than TRY 25 million
: 30 June 2020
Data controllers residing abroad
Data controllers who have less than 50 employees and an annual balance sheet total of less than TRY 25 million but their main field of operation is the processing of sensitive data (special categories of data)
: 30 September 2020
Data controllers that are governmental institutions and organizations
: 31 December 2020
The decision of the Board is not simply an extension of deadlines, it is a serious warning for all data controllers. The Board made it very clear that the registration obligation must be fulfilled duly in accordance with the legislation. Many controllers recently made their registries simply to meet the deadlines but without really examining their data processing activities and the applicable legislation. Thus now the Board has given those data controllers an extensions of 6 months to remedy their mistakes and properly complete their registries.
Data Privacy Blog